Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2022-12-25 CVE-2022-45197 Improper Certificate Validation vulnerability in Slixmpp Project Slixmpp
Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
network
low complexity
slixmpp-project CWE-295
7.5
2022-12-22 CVE-2022-1197 Improper Certificate Validation vulnerability in Mozilla Thunderbird
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked.
network
low complexity
mozilla CWE-295
5.4
2022-12-22 CVE-2022-1834 Improper Certificate Validation vulnerability in Mozilla Thunderbird
When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces.
network
low complexity
mozilla CWE-295
6.5
2022-12-22 CVE-2022-22747 Improper Certificate Validation vulnerability in Mozilla Firefox
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash.
network
low complexity
mozilla CWE-295
6.5
2022-12-22 CVE-2022-34469 Improper Certificate Validation vulnerability in Mozilla Firefox
When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error.
network
low complexity
mozilla CWE-295
8.1
2022-12-22 CVE-2022-45419 Improper Certificate Validation vulnerability in Mozilla Firefox
If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted.
network
low complexity
mozilla CWE-295
6.5
2022-12-08 CVE-2022-46153 Improper Certificate Validation vulnerability in Traefik
Traefik is an open source HTTP reverse proxy and load balancer.
network
low complexity
traefik CWE-295
6.5
2022-11-27 CVE-2022-43705 Improper Certificate Validation vulnerability in Botan Project Botan
In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error.
network
low complexity
botan-project CWE-295
critical
9.1
2022-11-15 CVE-2022-38666 Improper Certificate Validation vulnerability in Jenkins Ns-Nd Integration Performance Publisher
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features.
network
low complexity
jenkins CWE-295
7.5
2022-11-15 CVE-2022-45391 Improper Certificate Validation vulnerability in Jenkins Ns-Nd Integration Performance Publisher
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.
network
low complexity
jenkins CWE-295
7.5